On Wed, 12 May 2004, Dave Crocker wrote:
> 1. "Consistency" is not the same as "authorization".
> 2. I was attempting to highlight an issue about the trust assumptions
> that people might make but shouldn't.
I think these points are part of the background to your CSV draft that I
failed to understand.
As far as I can see, consistency implies authorization.
Current practice is usually to have multiple names for a given IP address
but only one PTR back to the host's primary name, so authorization for a
forward DNS entry does not imply the existence of the corresponding
reverse entry.
On the other hand the existence of a reverse entry without the
corresponding forward entry is usually considered broken or a sign
of people playing silly buggers.
It's unusual for MTAs to vary their HELO domain according to the message
they are about to transfer -- they just state their primary hostname. So
fully comprehensive reverse DNS isn't needed for a HELO domain consistency
check to achieve the technical goals of CSV.
It's unfortunate that RFC 1123 required MTAs to be lenient about broken
DNS and HELO arguments.
--
Tony Finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
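
The forward-only HELO consistency check discussed in the message above, sketched as an added example that is not part of the original email or of the CSV draft. The record tables, host names, addresses and function names are constructed for illustration and stand in for live DNS lookups.

```python
import ipaddress

# Constructed sample records (documentation names and addresses), standing in
# for live DNS lookups so the example runs offline.
FORWARD = {
    "mx1.example.net": {"192.0.2.10"},    # primary hostname
    "mail.example.net": {"192.0.2.10"},   # additional name, same address
}
REVERSE = {
    "192.0.2.10": {"mx1.example.net"},    # single PTR, to the primary name
    "192.0.2.99": {"ghost.example.org"},  # PTR with no forward entry
}


def _norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def helo_consistent(helo, client_ip, forward=FORWARD):
    """True if the HELO name's forward records include the client address."""
    ip = str(ipaddress.ip_address(client_ip))
    return ip in forward.get(_norm(helo), set())


def ptr_names_helo(helo, client_ip, reverse=REVERSE):
    """True if a PTR record for the client address points at the HELO name."""
    ip = str(ipaddress.ip_address(client_ip))
    return _norm(helo) in {_norm(n) for n in reverse.get(ip, set())}


def classify(helo, client_ip):
    """Combine both lookups into the cases the message distinguishes."""
    fwd = helo_consistent(helo, client_ip)
    rev = ptr_names_helo(helo, client_ip)
    if fwd and rev:
        return "consistent (forward and reverse)"
    if fwd:
        return "consistent (forward only)"
    if rev:
        return "broken (reverse without forward)"
    return "inconsistent"


if __name__ == "__main__":
    for helo, ip in [("mx1.example.net", "192.0.2.10"),
                     ("MAIL.example.net.", "192.0.2.10"),
                     ("ghost.example.org", "192.0.2.99"),
                     ("mx1.example.net", "192.0.2.55")]:
        print(f"{helo:20} {ip:12} {classify(helo, ip)}")
```

The second case is the one the message turns on: a secondary name passes the forward check even though the only PTR record points at the primary hostname.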